Description
In Development IL ecdh before 0.2.0, an attacker can send an invalid point (not on the curve) as the public key, and obtain the derived shared secret.
Remediation
References
https://github.com/developmentil/ecdh/issues/3